<?php
session_start ();
$success = false;
$errors = array ();
$result ['success'] = &$success;
$result ['errors'] = &$errors;
if (! empty ( $_POST ['username'] ) && ! empty ( $_POST ['passwd'] )) {
	
	include_once '../pages/config.php';
	$user = strtolower ( $_POST ['username'] );
	$pass = md5 ( strtolower ( $_POST ['passwd'] ) );
	
	$connection = mysql_connect ( $host, $username, $password ) or die ( json_encode ( array (
			'success' => false,
			'errors' => "could not connect to MySql" . mysql_error () 
	) ) );
	mysql_select_db ( "mydb", $connection ) or die ( json_encode ( array (
			'success' => false,
			'errors' => "could not connect to MySql" . mysql_error () 
	) ) );
	
	$query = "SELECT * FROM User where username = '" . addslashes ( $user ) . "' And password = '" . $pass . "'";
	$user1 = @mysql_query ( $query, $connection );
	if (mysql_num_rows ( $user1 ) > 0) {
		$success = true;
		$_SESSION ['username'] = $user;
		if ($user == "admin") {
			header ( "Location: ../admin/" );
			exit ();
		}
	}
} else {
	$success = false;
	$errors [] = 'Errors on receiving request';
}

die ( json_encode ( $result ) );